KAV 1.3 - where's the features at?

Today I updated from KAV 1.2 to 1.3 to take advantage of the kaspersky enterprise workstation edition. My reaction to the upgrade is fairly ho hum.

Things I've noticed so far;

- The install is some 140MB with no way to set an install source

- The client upgrade procedure reboots the computer twice with no warning to the user. How do you propose we upgrade with minimal impact?

- The new client has many more features, including IM AV, Anti-Spam etc. We can enable/ disabled through the profile wizard but that's it, how do we configure it?

- The profile wizard still contains only the most basic settings. How do I configure KAV further than enabling / disabling an entire component.

- Network drive scanning is on by default :/

About the only positive I can gather thus far is that I can now save to pdf from word 2010 without having to pause KAV protection.

Is there any information about on how to configure the client further? How do I exclude a URL from WebAV? How do I disable Network drive scanning globally? This isn't really an anti-virus solution unless I can customise it to meet the needs of each customer.

Surely people are customising this themselves, what's the secret?

Thanks,

James

You have posted to a forum that requires a moderator to approve posts before they are publicly available.

I second that... i also had an issue on all of my test systems where the AV is throwing registry protection alerts on the Kaseya Agent. If this is any indication of the "great, new, and focused on the little details everyone has been complaining about", then I'm getting a little worried.

You have posted to a forum that requires a moderator to approve posts before they are publicly available.

We're currently actively working on version 1.4 to be released in a few months. That version would include the functionality you're missing to be able to find tune the various component settings of Kaspersky. Please be patient with us as we improve KAV and give you feature parity.

You have posted to a forum that requires a moderator to approve posts before they are publicly available.

So basically, 1.3 is of no use to me until 1.4 is release 'in a few months'? The issues he listed in the original post (as well as the Kaseya-Integrated AV product seeing the Kaseya Agent as a threat) makes 1.3 useless (and potentially harmful, for that matter) to me and my clients. What is the specific target date for 1.4?

If you never used KAV before and are now considering installing KAV 1.3 then maybe I can understand that you're still requiring additional functionality. We are constantly improving the features and adding more functionality with each version, but if you say "no use to me" I have to say that's not true. There is a lot of value in version 1.3. There are still many things that are missing, but that doesn't contradict my first statement

As for "potentially harmful", I would like to understand what exactly do you mean by that. I'm not aware of anything harmful about KAV1.3 so it would help me if you can be more specific.

You have posted to a forum that requires a moderator to approve posts before they are publicly available.

@Rick. KAV1. 3 primary focus was to get the corporate Kaspersky engine out with major bug fixes which was the top demanding request from the customers. Like Inbar mentioned above, our focus is to get more manageability features into our kAV1.4 release . KAV1.4 development work is in progress. An exact release date has not yet been decided but it will be in late Q2 or early Q3.

Thanks,

Meghana Subramanian

Kaseya Antivirus team

You have posted to a forum that requires a moderator to approve posts before they are publicly available.

I will be more clear. This version still seems to be very 'rough around the edges' (i.e. a beta release or pre-release, not a full-blown public release). Customers have an expectation for the full-blown version to be a tuned and polished release--which this is not.

The reason i say "it is useless to me" is because i cant deploy this to anyone in my network. Scanning network files (potentially harmful when CAD systems that store files on a central server--very common--slow down and bring an engineering firm to a crawl, for an off the cuff example); extra features that cannot be controlled (useful for some, yes, pain in the rear for others and needs to be disabled, absolutely); force reboot twice without user intervention.... how am i supposed to deploy this? Then to top it off a user gets alerts out of the box that our monitoring software is malicious. So then they dont click exactly the right thing when the AV alert pops up, and the agent is prevented from running properly, if at all (harmful to me!).

I am not talking about the rare circumstances that things need to be tweaked here... i cant deploy this to any of my customers as it stands--engineering firms, manufacturing companies, retail, no one. I was just as excited as I'm sure everyone else was to get the newer version of KAV-- (and yes, i do currently use KAV on about 50% of my customers, if not more) --that performed a little better, had more options, and so on. But this, quite frankly, is more of a dissapointment/frustration.

SO now, here i am stuck with the 1.3 release that i installed (with an expectation that it would, for the most part, be functional and ready to deploy) and i have to leave all but my test clients on 1.2, and I have to manually "tweak" any system i deploy between now and whenever 1.4 is released.

Is there a target date for the new release (1.4)?

You have posted to a forum that requires a moderator to approve posts before they are publicly available.

- The client upgrade procedure reboots the computer twice with no warning to the user. How do you propose we upgrade with minimal impact?

- Network drive scanning is on by default :/

These really trouble me. Granted, not much can be done for the first issue (except to kill our remote network links) but the last two are going to cause significant problems for us.

We just recently went through the KAV 1.1 to KAV 1.2 upgrade process and noticed that we do not have any control over when the KAV update. Using the Update button did nothing (my test machine was updated three days after we scheduled it to update) and there's no way to prevent KAV from updating until its convenient for the user. I really hope jamesn was mistaken when he described two surprise forced reboots per machine.

Has anyone figured out how to problematically, and globally, disable network drive scanning. I can't add all drive letters to the global whitelist as that would eliminate thumb drives, and adding every conceivable UNC is going to be labor intensive. The last thing I need is 1,000+ endpoints each scanning terrabytes of network drives.

You have posted to a forum that requires a moderator to approve posts before they are publicly available.

Please email me to inbar.gazit@kaseya.com if you want to see screenshots and detailed explanation on this isssue but please don't keep repeating that KAV 1.3 scan network drives, because it doesn't and this is confusing to other users who want to use KAV 1.3

You have posted to a forum that requires a moderator to approve posts before they are publicly available.

Inbar, by saying that the premise "of this thread is not correct" are you saying that none of the issues mentioned in the original post are true?

I think we need to be careful which KAV features we're talking about. I know KAV's Proactive Defense in v1.0 and v1.1 had a problem with one of our applications that loads from a network drive (it didn't have a problem with the application if it was installed locally). Once we added the full UNC path to the global exclusions list KAV stopped blocking the application. Now, that's not the same as KAV's file scanner scanning network shares, but it is an example of KAV interacting badly with a network resource.

You have posted to a forum that requires a moderator to approve posts before they are publicly available.

In any case, to simply dismiss the entire thread as incorrect over a single point is average.

Inbar, maybe you can help me add a customers intranet site to the trusted site list for WebAV as a certain control is being blocked. At the moment my options are; Disable WebAV completely or Manually configure the exclusion on each client (100+). I've identified the registry keys & values needed and I could script that up however KAV blocks modifications to it's own key path. The only option Kaseya gives me is to exclude iexplore.exe, no thanks.

Bill - It does require reboots without notification, the client upgrade window has this written in red text. I tested it too and it does reboot twice without warning to the user.

I just don't get the point behind this update, sure it's a new engine, but how can you claim you have an integrated AV solution when I can't configure it appropriately? AV is not a 1 size fits all solution, it _needs_ to be customisable. Was expecting alot more from Kaseya with this update.... IMO Kaseya AV is only suitable for the most basic of environments.

[edited by: jamesn at 5:59 PM (GMT -7) on 3-26-2012]
additional text

You have posted to a forum that requires a moderator to approve posts before they are publicly available.

He was not mistaken... it really does reboot twice. It did it identically on two test systems; granted, the server warned me this would happen before i did it, but there's no way around it to my knowledge. And given that the WOL functions within Kaseya are marginal at best (even after designing a script that enables WOL on all adapters on all systems), after hours is not a viable option either.

Kaseya -

As for the network scans being on by default, YES, IT DOES. See the attached screen shot, default settings on a healthy Win7 system. I am concerned that creating a complex system of exemptions is going to be the only offered solution to issues like these while we wait months for the next release (which that whole logic--regarding why an incomplete release was rushed out to everyone, and why it is not 'hotfix' qualified--as explained above by the folks at Kaseya still baffles me).

I didn't intend this to turn into a thread where we all complain, there's already plenty of those floating around in other posts, but i do believe strongly that Kaseya dropped the ball on this one--and they need to fix it... sooner than later. Any word on that target date for 1.4 yet, or are we left with "in a few months"? I will say this: i was in a position regarding a couple other specific threads, in which people were highly dissatisfied and expressed those opinions, where i was hinging on whether to take their stance or Kaseya's. I had high hopes for the next couple months to come, in regard to fixing the many (reasonable) small issues that were brought to your attention. This is the first of any real action i have seen since, and i am highly discouraged. I'm not the type to needlessly complain... i loved Kaseya when i started using it... but this does not bode well for my confidence in these promised upcoming releases of KAV and other components that are expected to make things a little more functional. I think there's a TON of potential, and Kaseya truly is powerful, but focus on the simple things we do every day, that don't work right (or at least not nearly as well as they should), can quickly put a sour taste in my mouth when I'm in Kaseya working all day... and when it plays such an elemental role in the success or failure of my company. Hotfix or otherwise, there needs to be a means of getting these "intermediate modifications" out to the Kaseya world.

Jameson -

I agree completely. Given the previous post from Kaseya, what i am hearing is: it was rushed out the door to fix other problems, but created others. This might be a little harsh, but i am feeling like i now have to choose between a couple things: accept it as-is, or get a new release that fixes those problems but is not thoroughly developed/tested--and creates new ones. I don't believe any of us here expect absolute perfection, but i, too, am highly dissatisfied right now.

Here's the screenshot mentioned above:

[edited by: Rick Mras at 6:34 PM (GMT -7) on 3-26-2012]
grammar

You have posted to a forum that requires a moderator to approve posts before they are publicly available.

Rick, you are confused about the way this version of Kaspersky anti-virus works.

The screenshot you showed me is of "Protection Scope" which has nothing to do with scans.

If you click "Full Scan" on the left in the dialog here, you'll see a similar list of locations and the checkbox for "Network drives" would be unchecked.

Let me explain to all of you what the difference is.

When a full scan (or quick scan for that matter) is scheduled (or manually launched) only the checked items in the list would be scanned. Network drives will not be scanned if they're not checked (and they are not).

The "Protection Scope" is a completely different matter and we chose to enable network drives by default. This is the right choice. What this means is that files that the user copies (to launch or open) from the network will be matched in real-time to detect any potential threat. This has nothing to do with scans. In today's word, most viruses are coming from the network and very few are spread via disks or other physical media. Not checking the "Network Drives" by default will leave most of our customers unsecured and I don't think you wanted us to do that.

I hope this explanation makes it clear that (again) we don't scan network drives by default with KAV 1.3

You have posted to a forum that requires a moderator to approve posts before they are publicly available.